Important: Version 5.x applications and Version 6 and later applications are handled differently. The information in this article applies only to Version 5.x applications that are used with WebSphere Application Server Version 6.0.x and later. It does not apply to Version 6.0.x and later applications.
In the WebSphere Application Server Network Deployment installation, the ws-security.xml file is at the cell level and defines the default binding information for Web services security for the entire cell. However, each application server can have its own ws-security.xml file to override the cell default; similarly, each Web service can override the default in its binding files. The following list contains the defaults defined in the ws-security.xml file:
- Trust anchors: Identifies the trusted root certificates for signature verification.
- Collection certificate stores: Contains certificate revocation lists (CRLs) and nontrusted certificates for verification.
- Key locators: Locates the keys for digital signature and encryption.
- Trusted ID evaluators: Evaluates the trust of the received identity before identity assertion.
- Login mappings: Contains the Java Authentication and Authorization Service (JAAS) configurations for AuthMethod token validation.
The Web services security run time reads the configuration from the application bindings first, then tries the server level, and finally tries the cell level. The following figure depicts the run-time configuration process.
Figure 1. Run-time configuration
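
The lookup order described above matters when reviewing a cell, because a server-level or application-level definition can silently replace a cell-wide trust anchor or key locator. The following sketch is an added example, not IBM code: it models the three levels as dictionaries and reports which level supplies each entry. The dictionary layout, the entry names, the keystore paths and the assumption that entries are looked up by name within a category are all illustrative.

```python
# Added example: constructed model of the three configuration levels.
# Assumption: an entry is looked up by name within its category.
LOOKUP_ORDER = ("application", "server", "cell")  # order stated in the text


def resolve(levels, category, name):
    """Return (level, value) from the first level that defines the entry."""
    for level in LOOKUP_ORDER:
        entries = levels.get(level, {}).get(category, {})
        if name in entries:
            return level, entries[name]
    return None, None


def audit(levels):
    """Report the effective source of every entry and flag cell defaults
    that a server-level or application-level definition replaces."""
    names = sorted({(cat, name)
                    for cfg in levels.values()
                    for cat, entries in cfg.items()
                    for name in entries})
    report = []
    for category, name in names:
        level, value = resolve(levels, category, name)
        cell_value = levels.get("cell", {}).get(category, {}).get(name)
        overrides_cell = (level != "cell" and cell_value is not None
                          and cell_value != value)
        report.append((category, name, level, value, overrides_cell))
    return report


# Constructed sample data; entry names and keystore paths are made up.
SAMPLE = {
    "cell": {
        "trust_anchors": {"DefaultAnchor": "/cfg/cell/trust.ks"},
        "key_locators": {"DefaultLocator": "/cfg/cell/keys.ks"},
    },
    "server": {
        "trust_anchors": {"DefaultAnchor": "/cfg/server1/trust.ks"},
    },
    "application": {
        "key_locators": {"AppLocator": "/cfg/app/keys.ks"},
    },
}

if __name__ == "__main__":
    for category, name, level, value, overrides_cell in audit(SAMPLE):
        flag = "  <-- replaces cell default" if overrides_cell else ""
        print(f"{category}/{name}: {level} -> {value}{flag}")
```

In a review, the flagged rows are the ones to check first: each is a place where the trust material in effect differs from what the cell-level file suggests.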